<?php
/**	
*	FILENAME: 		/admin_app/login.php
*	DESCRIPTION:	This file acts as an authentication mechanism and interface for accessing the MyNova Mobile Administrative Panel.
*	AUTHOR:			Casey Burkhardt
*	VERSION:		1.0.0
*	LAST MODIFIED:	12/20/2009
**/

require_once("./libraries/security.php");
require_once("../libraries/functions.php");
require_once("../libraries/ldap.php");
require_once("../libraries/users.php");
require_once("../libraries/admin_privileges.php");

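// setTimezone() comes from one of the libraries required above; its effect is not visible in this file.
setTimezone();

// Request inputs. A plain GET of this page carries none of these fields, so each one is read only
// when present. The credentials are additionally required to be plain strings: a request can send
// "username[]=x", which PHP turns into an array, and the code below expects scalar text.
$formSubmitted = isset($_POST["Login"]) ? $_POST["Login"] : "";
$username = (isset($_POST["username"]) && is_string($_POST["username"])) ? $_POST["username"] : "";
$password = (isset($_POST["password"]) && is_string($_POST["password"])) ? $_POST["password"] : "";

// REMOTE_ADDR is the address of the directly connected peer and is the key used for the
// failed-attempt counter below.
// NOTE(review): if this page is served behind a reverse proxy or load balancer, every client would
// share the proxy's address and therefore one counter - confirm the deployment.
$ipAddress = $_SERVER['REMOTE_ADDR'];
$time = time();

// Number of recorded failed attempts at which an address is redirected to the banned page.
$BAN_THRESHOLD = 10;
$BANNED_PAGE = "banned.php";
$AUTHENTICATED_PAGE = "main.php";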

// Refuse to show the login form to an address whose recorded failed attempts have reached the limit.
$failedAttemptCount = getFailedAttempts($ipAddress);
$addressIsBanned = ($failedAttemptCount >= $BAN_THRESHOLD);
if ($addressIsBanned)
{
	header("Location: " . $BANNED_PAGE);
	// Stop here so none of the login handling below runs for a banned address.
	die("Session Prohibited...");
}

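// Check to see if an active MyNova Mobile Administration Panel session exists and redirect if already authenticated.
if (activeSessionExists())
{
	$uid = getCurrentSessionsUser();
	// The form path below only signs a user in after hasAdminPanelAccess() succeeds; apply the same
	// check when an existing session is reused, so an account whose panel access was removed is not
	// signed in again from a session that is still alive.
	// NOTE(review): activeSessionExists() is defined in an included library and is not shown here;
	// if it already performs this check, the call below is redundant but harmless.
	if ($uid > 0 && hasAdminPanelAccess($uid))
	{
		authenticateAdminUser($uid);
		// Use the same target as the successful-login path instead of a second hard-coded copy.
		header("Location: " . $AUTHENTICATED_PAGE);
		die("Already Authenticated... Forwarding");
	}
}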

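// Process the form if it has been submitted.
//
// $pass_status records the outcome for the message block in the page body:
//   "0" = credentials accepted and the user has administrative panel access
//   "1" = credentials accepted, but no panel access or no row in the `users` table
//   "2" = LDAP authentication failed
//   "3" = password field left blank
//   "4" = username field left blank (takes precedence over "3")
// It stays null when no form was submitted, so the page body never reads an unassigned variable.
$pass_status = null;
$userID = null;
if ($formSubmitted)
{
	// Blank fields are rejected before any directory call. authenticateLDAPUser() is defined in
	// ../libraries/ldap.php and is not shown here; many LDAP servers accept a bind that carries an
	// empty password as an "unauthenticated" bind, so empty credentials are never handed to it.
	// Strict comparisons keep a value such as "0" from being mistaken for a blank field, and the
	// is_string() test rejects array-valued fields ("username[]=...").
	// As a consequence, blank submissions are not recorded as failed login attempts.
	if (!is_string($username) || $username === "")
	{
		// The username field has been left blank.
		$pass_status = "4";
	}
	else if (!is_string($password) || $password === "")
	{
		// The password field has been left blank.
		$pass_status = "3";
	}
	else if (!authenticateLDAPUser($username, $password))
	{
		// User's login information is not correct; count the attempt against this address.
		$pass_status = "2";
		logFailedLoginAttempt($ipAddress, $username);
	}
	else
	{
		// Credentials are correct. Access additionally requires a row in the `users` table
		// and administrative panel privileges for that row.
		$userID = getUserIDValue($username);
		if ($userID && hasAdminPanelAccess($userID))
		{
			$pass_status = "0";
		}
		else
		{
			$pass_status = "1";
		}
	}

	if ($pass_status === "0")
	{
		removeFailedAttempts($ipAddress);
		// NOTE(review): authenticateAdminUser() is defined in an included library and is not shown
		// here; confirm that it issues a fresh session identifier at login (session fixation).
		authenticateAdminUser($userID);
		header("Location: " . $AUTHENTICATED_PAGE);
		die("Login Successful...");
	}
}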
?>

<html>
	<head>
	<title>MyNova Mobile Administration</title>
		<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
		<LINK rel="stylesheet" type="text/css" href="css/stylesheet.css">
		<style type="text/css">
			<!--
			body {
				background-color: #000;
			}
			-->
		</style>
		<script type="text/javascript">
			<!--
			// Marks the form as submitted by filling the hidden "Login" field (the server only
			// processes the POST when that field is non-empty) and shows the pressed button image.
			function rollOver() {
				var loginForm = document.login;
				var buttonImage = document.loginButton;
				loginForm.Login.value = true;
				buttonImage.src = "images/login_11_down_blu.gif";
			}

			// Restores the released button image and then submits the login form.
			function rollOut() {
				var buttonImage = document.loginButton;
				var loginForm = document.login;
				buttonImage.src = "images/login_11_blu.gif";
				loginForm.submit();
			}

			// Focuses the username box when it is empty, otherwise the password box.
			function setFormFocus() {
				var loginForm = document.login;
				var target = (loginForm.username.value == "") ? loginForm.username : loginForm.password;
				target.focus();
			}
			
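			// Key handler for the two input boxes: pressing Enter (key code 13) submits the form
			// through rollOver()/rollOut() and returns false; every other key returns true.
			function checkEnter(e) {
				// Fall back to window.event only when no event object was passed in. The key code
				// is read from whichever of which/keyCode the event object carries, so an event
				// without "which" no longer depends on a global "event" variable being defined.
				var keyEvent = e || window.event;
				var characterCode = keyEvent.which || keyEvent.keyCode;

				if (characterCode == 13) {
					rollOver();
					rollOut();
					return false;
				}
				return true;
			}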
			-->
		</script>
	</head>
	<body bgcolor="#FFFFFF" leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" onLoad="setFormFocus();">
		<div align="center">
		<table id="Table_01" width="381" height="726" border="0" cellpadding="0" cellspacing="0">
			<tr>
				<td colspan="5"><img src="images/login_01.gif" width="381" height="146" alt=""></td>
			</tr>
			<tr>
				<td><img src="images/login_02.gif" width="84" height="187" alt=""></td>
				<td id="mainWindow" colspan="3">
					<div style="height: 2em; font-size: 9px">
						<center>Logged Connection From <?php echo $ipAddress . " @ " . date('d F Y h:i:s A') . " EST"; ?></center>
					</div>
					<div style="height: 100px">
					</div>
						<div style="height: 2em">
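							<?php
								// Show the prompt or the error text for the outcome stored in $pass_status
								// by the login handler at the top of this file. Every message is a fixed
								// string; no request data is echoed here.
								// isset() guard: on a plain page load no form was processed, so the variable
								// may never have been assigned.
								$statusCode = isset($pass_status) ? $pass_status : null;
								$errorBodies = array(
									"1" => "Your user account does not<br />have administrative privileges.",
									"2" => "The password you entered<br />does not match your username.",
									"3" => "The password field<br />may not be left blank.",
									"4" => "The username field<br />may not be left blank.",
								);

								if (!$statusCode)
								{
									echo '<center>Please enter your login information</center>';
								}
								else if (isset($errorBodies[$statusCode]))
								{
									echo "<center><b><font color='red'>ERROR:</font></b><br>" . $errorBodies[$statusCode] . "</center>";
								}
							?>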
						</div>
				</td>
				<td>
					<img src="images/login_04.gif" width="74" height="187" alt="">
				</td>
			</tr>
			<form class="form" name="login" method="post" action="" onSubmit="rollOver()">
				<tr>
					<td rowspan="5"><img src="images/login_05.gif" width="84" height="130" alt=""></td>
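					<?php /* Re-display the submitted username after a failed attempt. The value is request data, so it is HTML-escaped for the attribute context (charset matches the page's iso-8859-1 meta tag). The guard uses $formSubmitted, the flag this file actually sets; $Submit is never assigned here. */ ?>
					<td id="inputField" colspan="3">Username: <input class="form" name="username" type="text" value="<?php if ($formSubmitted and $pass_status > 0 and is_string($username)) echo htmlspecialchars($username, ENT_QUOTES, 'ISO-8859-1'); ?>" maxlength="20" onKeyPress="checkEnter(event)" /></td>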
					<td rowspan="5"><img src="images/login_07.gif" width="74" height="130" alt=""></td>
				</tr>
				<tr>
					<td id="inputField2" colspan="3">Password: <input class="form" name="password" type="password" value="" maxlength="20" onKeyPress="checkEnter(event)" /></td>
				</tr>
			<input type="hidden" name="Login" />
			</form>
			<tr>
				<td colspan="3"><img src="images/login_09.gif" width="223" height="23" alt=""></td>
			</tr>
			<tr>
				<td><img src="images/login_10.gif" width="14" height="28" alt=""></td>
				<td><img name="loginButton" src="images/login_11_blu.gif" width="190" height="28" alt="" onMouseDown="rollOver()" onMouseUp="rollOut()"></td>
				<td><img src="images/login_12.gif" width="19" height="28" alt=""></td>
			</tr>
			<tr>
				<td colspan="3"><img src="images/login_13.gif" width="223" height="14" alt=""></td>
			</tr>
			<tr>
				<td colspan="5"><img src="images/login_14.gif" width="381" height="263" alt=""></td>
			</tr>
		</table>
		</div>
	</body>
</html>